Allowing the Edge UI Access to Local IP Addresses

Edge for Private Cloud v. 4.16.09

There are several places where the Edge UI attempts to access a local IP address:

The Trace tool in the Edge UI has the ability to send and receive API requests to any
specified URL. In certain deployment scenarios where Edge components are co-hosted with other
internal services, a malicious user may misuse the power of the Trace tool by making requests
to private IP addresses.

When creating an API proxy from an OpenAPI specification, the specification describes such
elements of an API as its base path, paths and verbs, headers, and more. As part of the spec,
you can specify a base path of the proxy that refers to a private IP address.

When creating an API proxy from a WSDL file located on your local file system.

By default, the Edge UI is prevented from referencing private IP addresses. The list of
private IP addresses includes:

If you want to enable the Edge UI to access private IP addresses, set the following
tokens:

For the Trace tool, the conf_apigee-base_apigee.feature.enabletraceforinternaladdresses property
is disabled by default. Set it to true to allow the Trace tool to access private IP
addresses.

For OpenAPI specs, the conf_apigee-base_apigee.feature.enableopenapiforinternaladdresses property
is disabled by default. Set it to true to allow an OpenAPI spec to reference private IP addresses.
Requires Edge 4.16.09.01. See the 4.16.09.01 - Edge for Private Cloud release notes for more.

For WSDL files, the conf_apigee-base_apigee.feature.enablewsdlforinternaladdresses property
is disabled by default. Set it to true to enable the upload of a WSDL file from private IP
addresses.

Note: If the Apigee Routers are reachable only over the above private
IP ranges, Apigee recommends that you set the conf_apigee-base_apigee.feature.enabletraceforinternaladdresses
property to true.

To set these properties to true:

Open the ui.properties file in an editor. If the file does not exist, create it.
> vi /<inst_root>/apigee/customer/application/ui.properties

Set the following properties to true:
conf_apigee-base_apigee.feature.enabletraceforinternaladdresses="true"
conf_apigee-base_apigee.feature.enableopenapiforinternaladdresses="true"
conf_apigee-base_apigee.feature.enablewsdlforinternaladdresses="true"
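
An added example, not from the Apigee documentation: a shell check that reports which of the three properties above are enabled in a ui.properties file, so a reviewer can confirm where the default private-IP restriction has been lifted. It assumes the key=value form shown above, treats a missing file or key as the disabled default described on this page, and assumes the last assignment of a repeated key wins; the function and script names are hypothetical.

```shell
#!/bin/sh
# Added example, not Apigee code: audit ui.properties for the three
# private-IP override properties named on this page.

FLAGS="conf_apigee-base_apigee.feature.enabletraceforinternaladdresses
conf_apigee-base_apigee.feature.enableopenapiforinternaladdresses
conf_apigee-base_apigee.feature.enablewsdlforinternaladdresses"

# flag_state FILE PROPERTY: prints "enabled" or "disabled".
# A missing file or key counts as the default, which is disabled.
flag_state() {
    file=$1
    prop=$2
    [ -r "$file" ] || { echo disabled; return 0; }
    awk -v want="$prop" '
        /^[ \t]*[#!]/ { next }                  # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t"]+|[ \t"\r]+$/, "", val)  # drop spaces, quotes, CR
            if (key == want) last = tolower(val)  # assumption: last one wins
        }
        END { if (last == "true") print "enabled"; else print "disabled" }
    ' "$file"
}

# audit_ui_properties FILE: one line per property; returns 1 if any is enabled.
audit_ui_properties() {
    rc=0
    for p in $FLAGS; do
        state=$(flag_state "$1" "$p")
        printf '%-8s %s\n' "$state" "$p"
        if [ "$state" = enabled ]; then rc=1; fi
    done
    return "$rc"
}

# Usage: sh audit.sh /path/to/ui.properties  (script name is hypothetical)
if [ "$#" -gt 0 ]; then
    audit_ui_properties "$1"
fi
```

A non-zero exit status means at least one of the three restrictions has been lifted, which makes the check usable in a configuration review job.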